Newsletter Fact or Fiction

Answers to our Fact or Fiction section in the newsletter

December 2024

It's safe to click on links in holiday greeting emails from known senders.

False

Even if emails appear to be from known senders, their accounts may have been compromised. Cybercriminals often exploit the holiday season to send phishing emails that mimic holiday greetings, aiming to steal personal information or infect your device with malware.

Buying Christmas presents from a website that doesn't have HTTPS is okay if the deals are great.

False

It's crucial to use websites with HTTPS when making any purchase online, especially during the holiday season when online shopping spikes. HTTPS encrypts the data between your browser and the website, reducing the risk of data theft. Without HTTPS, any data transferred, including credit card information and personal details, is vulnerable to interception.

It's safe to use the same password for all online retailers to make purchases quicker.

False

Using the same password across multiple accounts increases the risk of multiple accounts being compromised if one gets breached. It's essential to use strong, unique passwords for each account, particularly during the holiday season when online shopping is prevalent. Consider using a password manager to keep track of different passwords.

September 2024

The only tool you need to prevent being compromised through cybercrime is anti-virus software.

False

Although a useful form of protection it does not block or prevent other forms of cybercrime involving for example social engineering techniques.

Cyber fraud is very difficult to achieve?

False

Although some scams can be viewed as sophisticated, the majority of successful scams are down to routine phishing emails and people clicking on links.

You should be wary of all email attachments, even if you know the sender.

True

The sender of the email may have had their account compromised, and the attacker is emailing you an attachment from their account.

March 2024

You should always wait six months before installing a mobile phone update in case it's full of bugs.

False

Updates should be installed as soon as possible to protect from known vulnerabilities and exploits.

Cyber criminals only target large companies with plenty of money.

False

Any company and any individual can be subject to a cyber attack.

The best way to create a strong password is to use three random words.

True

Length is key here. However, do not use a well-known phrase. For example flowerofscotland is a 16 character password, but is not secure to use as it is easy to guess.

October 2023

Mobile phone apps do not need updating regularly

False

Mobile phone apps can be vulnerable to cyber attack and should always be updated to the latest version.

Hackers only target people with large bank accounts

False

Anyone can be a target of a cyber criminal regardless of how much money they have.

The University Information Security Policy applies to all users

True

The policy covers anyone accessing University services.

December 2021

Cyber Security doesn’t apply to me because I’m not in the Government or Healthcare industry.

False

All industries and organisations can and are targeted.

Enabling two factor authentication and using a strong, unique password helps to keep your social media accounts secure

True

Multi-Factor Authentication is a commonly used and valuable security tool. You are given access to an account after providing two or more pieces of information; something you are, something you have or something you know. For example, a username, password and code sent to your device. Passwords should be complex and unique.

It is perfectly safe to install a USB stick I found on the bus

False

Cyber criminals can plant USB sticks with the intention of spreading malware. When plugged in they can compromise devices and potentially wider network systems.  You are advised to never use a USB stick you find or is second hand, and has not been fully wiped by a University team.

August 2021

Mobile phones do not need to run anti-virus software

False 

Viruses exist for mobile phones and can infect and compromise. You should install an anti-virus app and keep it updated.

I don't handle personal data so I am of no interest to cyber criminals

False

We all have personal data about ourselves and most likely family and friends which is of interest to criminals. Our laptop, phone or other device if compromised can be used as a route into the University network. Anyone can be a target

Social engineering is one of the biggest threats we face

True

Social engineering is the manipulation of the natural human tendency to trust. Social engineers use deception to encourage individuals into divulging personal information and data which can then be used for fradulent purposes. An attack can start with a phishing email, a text, a phone call, even an arranged meeting in the street. Cyber criminals know about social engineering and are expert in its use.

May 2021

Mobile phone apps can share data with other apps.

True 

It's important to be aware of what you install and give permission to when accepting the terms and conditions for mobile apps.

Wi-Fi enabled slow cookers are now available to purchase.

True

Today it's difficult to name a household object that isn't available with a wi-fi option and app. As with your laptop and phone the security of these should be kept under regular review.

It's perfectly okay to plug in a USB stick found in a carpark.

False

The USB stick could easily be setup to infect your computer, setting up a backdoor connection for further compromise. It's an attack vector that is used by cyber criminals when attempting to infiltrate an organisation.

February 2021

All phishing emails contain a link or an attachment to click on.

False

Phishing attempts can range in format: initial contact can be a plain text email with no attachments or links, to lure the victim into a dialogue.

Cyber security at the University is the responsibility of everyone.

True

Our information security is dependent on the safety and good practice of all of our members. 

Password Managers are only useful to people with sensitive data.

False

Password managers benefit every internet or account user, as we all tend to have a great number of complex passwords to remember, which should not be written down. We all hold personal info about ourselves and family that can be of great value to criminals. Your data is important and should be kept secure. Our University uses a password manager called LastPass 

November 2020

The first incidence of Ransomware dates from 1989

True

The AIDS Trojan mailed out on a five and a quarter inch floppy disk is the first recorded case of Ransomware

According to Microsoft 50% of compromises against organisations start with an email

False

The latest from Microsoft is a staggering 90% of compromises start with an email

Hackers compromised a Las Vegas Casino by breaking in via an Internet connected fish tank

True

The company Darktrace worked on an incident in 2018 where a casino was hacked via a thermometer in a lobby aquarium

August 2020

Word documents can contain computer viruses

True

More information on protecting against viruses can be found here

Use Anti-virus

Ransomware is the most common form of malware in the world today

True

We deliver an awareness session that explains what ransomware is, and how to protect against it. Find out when the next session will be and how to book, at MyEd.

More compromises against organisations begin with a phishing email than from any other threat

True

More information about phishing and how to avoid can be found here

Learning to avoid phishing